Cybersecurity Defense Ecosystem Summit 2025, Toronto: The Value of Mental Models in the Age of Cybersecurity and AI

Summarizing a full day of intense cybersecurity discussions into one article is not easy. For a lot more details, watch for the video interviews and extended virtual sessions that we will be publishing soon to complement this story.  Check out some pics at https://tpievents.smugmug.com/2025CDESummitToronto

First, a very special thank you to all the amazing speakers and sponsors whose support was vital to our mission of shaping cybersecurity in Canada. We are also grateful to everyone who invested their time to attend. The overwhelmingly positive testimonials are already pouring in, and we are thrilled!

Sounil Yu, Chief AI Officer at Knostic, Author of the Cybersecurity Defense Matrix, investor and previous Chief Security Scientist at Bank of America, kicked off the CDE summit, emphasizing that frameworks (mental models) are crucial for accelerating competency in cybersecurity and AI. Key models discussed for structuring strategy and identifying gaps include the:

• Cyber Defense Matrix (Check out his book)
• Connection Framework (“Chaotic” to “Clear” maturity)
• DIKW Pyramid (Data to Wisdom)
• OODA Loop (Mapping machine autonomy/controls Observe, Orient, Decide, Act)
• System 1/System 2 Thinking (Fostering analytical, strategic thought System 1 is fast, automatic, and intuitive, while System 2 is slow, deliberate, and effortful).

If some of these mission-critical concepts are unknown to you, I encourage you to explore why this matters as it can make a significant difference in your cybersecurity defence posture. Subscribe to eChannelNEWS as we continue to highlight more or catch Sounil at one of several upcoming cyber events.

A major point was the need for Human Governance over agentic AI (machines taking increased decision and action roles) to manage trust, ethics, and alignment, as data fixes alone are insufficient. Practical application progresses from chaotic to clear through disciplined experimentation.

AI is improving Security Operations Center (SOC) efficiency by mitigating “risk fatigue,” managing alert overload, and reducing manual “toil” across the business (e.g., finance). Audience Q&A confirmed the value of cross-departmental experimentation and the necessity of using multiple mental models (CVM, OODA, DIKW) to map AI complexity. Most current AI is in the second stage (e.g., reinforcement learning). Trust requires governance at the decision-making level.

Recommended Action:

1. Encourage cross-departmental AI experiments.
2. Assess organizational maturity (“chaotic to clear”) and AI autonomy levels.
3. Systematically adopt mental models (CVM, OODA, DIKW) for strategy.
4. Strengthen controls and limit high-autonomy AI experiments to non-production.
5. Implement human governance and ethics, focusing on knowledge/decision quality.
6. Foster analytical “System 2” thinking through training.
7. Codify successful experiments into standard procedures.

AI, Compliance, and the CISO

Top Cyber panelists (Nim Nadarajah, Andy Larin, Mike Pearlstein, Denis Villeneuve, Vanja Boyer and Eldon Sprickerhoff) explored AI in security operations, stressing the balance between automation and essential human oversight. AI enhances efficiency (compliance checks, threat detection) but must be routinely validated; over-trusting AI (likened to an “eager intern”) and misuse of generative AI are major risks. Compliance requires ongoing proof of controls, cultural buy-in, and continuous monitoring, not just periodic attestation.

As bad actors continue to leverage more AI, you can expect increased volume and levels of sophisticated attacks that can deceive even seasoned cyber experts. As autonomous AI agents do reconnaissance on targets and continually prod systems for vulnerabilities, expect more breaches. Even though breaches can be detected much faster in 2025, it’s still not fast enough to prevent significant damage. The race continues to get ahead of the attacks by leveraging more predictive AI-empowered capabilities.

We also discussed what happens when all layers of defences fail: Recovery and cyber insurance kicks in. Having a pre-tested cyber recovery plan is mission critical. You may want to check out ShadowHQ and Storage Guardian to be well prepared for a breach. It’s advisable to thoroughly review the fine print of your policy to ensure full compliance to prevent an unwelcome surprise denial of claim. I suggest you contact Kenrick Bagnall to obtain the right cybersecurity insurance coverage with built-in monitoring and back-up services, and understand the cyber crime reporting options .

Action items

• Building Agentic AI defense skills.
• Rigorous testing/certification of AI agents in digital twin environments.
• Updating policies for human oversight.
• Continuous compliance monitoring and drift detection.
• Educating teams on AI trust (“trust but verify”).
• Aligning insurance policies with controls and provable compliance requirements

Our second panel of leading CISOs (Evgeniy Kharam, Denis Villeneuve, Eldon Sprickerhoff, Greg Thompson) explored the Rise of the CISO – Skills, Roles, and Evolution.

The CISO role is shifting to a hybrid of technical expertise and business acumen. Successful CISOs translate technical risks into business outcomes using relatable analogies and understanding stakeholder perspectives (e.g., DISC framework). Soft skills, adaptability, and surrounding oneself with experts are critical. Evgeniy Kharam wrote a book on the topic!

The responsibilities of both the CISO and CIO have become significantly more complex in today’s environment. The widespread growth of AI is directly contributing to an increase in cyber and privacy risks. A crucial task for CISOs and CIOs is to find the right balance to manage these twin challenges. It is imperative that other C-Suite executives acknowledge this escalating responsibility and provide the necessary funding and support. Failing to invest to prevent an incident “because it hasn’t happened yet” is precisely the vulnerability that malicious actors hope to exploit.

Key Metrics for CISOs

• Capability Maturity Model Scores (e.g., NIST CSF)
• Board-level Risk Statement Reduction (e.g., incident frequency targets)
• Key Performance Indicators (KPIs): Mean Time to Detection (MTTD) and Mean Time to Resolution (MTTR).
• Clear Distinction: Separate risk metrics (for posture) from performance metrics (for team efficiency).
• Supply Chain risks assessment and mediation
• Shadow IT and Shadow AI management

Budgeting and Strategy is mission critical: Business owners own the risk and must be accountable for funding. The focus is on avoiding tool sprawl, maximizing ROI from existing tools, and tailoring outsourcing models for security services while retaining critical governance. Defending against novel attacks requires proactive fundamentals: configuration management, segmentation, and rapid response.

All CISOs know that it takes the right technology, people and process to win in the cyber war. Tech sprawl is now being replaced with tools that are better integrated into platforms and AI is accelerating this journey. The CDES multi-vendor showcase featured leading cybersecurity providers with solutions in just about every threat vector.

Arctic Wolf stressed 24/7 managed detection and response and human-led, AI-augmented operations. AppOmni focused on SaaS security posture management, configurations, and the shared responsibility model. Athena, leveraging the open-source Wazoo ecosystem, highlighted its AI-enabled security operations platform for unified visibility, consolidated alerts, and faster response times, aiming to combat “alert fatigue.” Cyberhaven detailed its data protection solution—DLP, insider risk, and the new DSPM feature—for comprehensive data flow tracing across endpoints and cloud platforms.

Other leading solution vendors included Checkmarx (in-IDE code vulnerability detection and also won Best In Show Award), Dell Technologies (MSP/consultant referral program and more AI-security protected devices), IT Cloud (Canadian distributor for everything Microsoft emphasizing partner support and their latest Nord Security‘s suite to compliment Acronis), Open Text (comprehensive suite of cyber solutions, global reach and MSP support), RB Cyber Assurance (proactive monitoring for cyber insurance), and Adaptiv Networks (affordable and comprehensive cybersecurity with CORO and SD-WAN/SASE for SMBs).

Storage Guardian showcased their breach preparedness “table top” playbook and exercise. Bitdefender showed their full scope of affordable and world-class cybersecurity solutions. Discern Security talked about their posture assessment and management to ensure what you bought is actually working and well maintained. ShadowHQ demonstrated how to stay in control when you are being attacked and managing your response plan. Lookout to secure the mobile threats and protect the human layer and Cycode to identify, prioritize and fix software risk in your environment.

Our esteemed cyber panellists Bobby Singh, Priya Mouli, Jennifer Quaid, Adam Zimmermann, chimed in with more cyber insights on the “Good, Bad and Ugly of AI in Cyber”.

Their discussion centred on the complex and evolving intersection of cybersecurity and Artificial Intelligence, highlighting challenges such as Shadow IT, identity management, and non-human identities. A consensus emerged on the necessity of a balanced and responsible approach to AI implementation, supported by strong governance, digital literacy, and agile security strategies. Panelists emphasized the role of top-down leadership in cybersecurity and AI’s potential to both enhance business efficiency and strengthen defences.

Panelists debated whether AI will ultimately be a net positive for cybersecurity defenders, discussing both the benefits and the inherent challenges. A question was raised about the relationship between AI and other IT tools, specifically addressing the difficulty of managing AI agents. The discussion included how the unique algorithms of different AI platforms affect data processing and the resulting responses. An example was given of comparing various AI tools using public data to emphasize the importance of selecting the optimal tool for specific tasks.

Manage AI risks and maximize benefits

• Define AI Use Cases: Explore and clearly define specific, value-driven applications for AI within the organization.
• Establish AI Governance: Form a cross-functional governance committee (including IT, Legal, Privacy, and HR) to oversee AI strategy.
• Evaluate AI Tools: Conduct thorough security and privacy reviews when evaluating both in-house and external AI platforms.
• Develop Responsible Use Guidelines: Implement clear “Responsible Use of AI” guidelines for all employees.
• Enhance Digital Literacy: Provide ongoing training to employees on the proper use of AI tools and the associated risks.

Supply Chain Risks

• Widespread Impact: The discussion highlighted the severe and widespread impact of supply chain compromises, citing examples like the Target HVAC breach and law firms compromised through administration software.
• Cybersecurity as an Enabler: Cybersecurity is increasingly seen as a business enabler rather than just a compliance checkbox, requiring a top-down leadership mandate.
• Regulatory Impact: Mention was made of how legislation, such as Bill C-8, affects smaller organizations.

Executive Communication and AI Risk

• Boardroom Transparency: The importance of open, accurate, and concise communication regarding AI risks to executive leadership was stressed.
• Preventing Negligence: Safeguards, human guardrails, and clear accountability around AI models are essential to prevent criminal negligence.

AI as a Business Enabler and Governance

• Risks and Caution: While AI offers business benefits, risks like the potential for large-scale attacks necessitate a slow and cautious implementation approach.
• Governance Models: Sheridan College’s approach was presented as a case study, emphasizing the establishment of a governance committee and responsible use guidelines in a diverse environment (students, faculty, staff).
• Lack of Regulation: The current lack of comprehensive regulatory guidance for AI frameworks underscores the importance of internal risk assessments and strategic programs.
• Digital Literacy: Continuous training and digital literacy are vital for ensuring the responsible use of AI across all organizational segments.
• Pragmatism and Governance: The concluding advice focused on the need for pragmatism, strong governance, and a commitment to the responsible use of AI in managing organizational challenges.

Key concerns included the rising cyber risk from “shadow IT,” insider threats (e.g., North Korean employees), and supply chain vulnerabilities. Panelists advocated for a balanced, policy-driven approach to AI governance, emphasizing people, processes, and technology over technology alone. They stressed the need for board-level buy-in, continuous learning, and agile strategies in the face of rapidly changing threats.

During the Cyber Town-Hall, we tackled a variety of thought-provoking questions and comments, but what happens in the CDE Town Hall, stays there…

One thing we can highlight is that AI offers significant productivity value through several practical applications. These include monetizing AI for sales and marketing (e.g., rapid lead generation, content generation), creating “digital twins” for internal (and personal) efficiency and enhanced customer services, and automating most business processes using AI Agents. As AI adoption increases, a strong focus remains on implementing robust AI risk assessments, security guardrails, and necessary policies.

Regarding the human impact, the consensus is that AI will augment employee productivity, potentially leading to a significant reduction in the need for new hires and overall human staffing. While the emergence of new AI-related jobs could counteract this trend, the specifics—how, what, or when—remain uncertain. AI is achieving more with less in shorter timeframes, underscoring that utilizing AI is no longer optional.

The session ended with a Canadian focus, highlighting the need for a national baseline standard for Managed Security Providers and practitioners, standardized risk scoring/compliance (especially for monitoring the supply chain), a “Cyber Czar” to oversee the country’s cyber mission, and greater collaboration among ALL Canadian cybersecurity stakeholders (MSPs, MSSPs, CISOs, CIOs and AI Consultants) to enhance national security and global competitiveness, especially given regulatory gaps compared to other countries.

The above is only a short recap of what was covered at the CDES. You can miss a lot by just leaving the room for 10 minutes! It’s why our motto at our events is “if you are in the room, be in the room”.

The recent CDES event represents a significant advance—a potential “giant leap”—in our cyber journey. However, the true impact hinges on your post-event execution of the knowledge gained. The responsibility to act is now yours. We encourage you to join us in shaping the future of cybersecurity, in Canada and globally, and look forward to seeing you at the next CDES event in your city in 2026.

As an independent news media (eChannelNews and its Cybersecurity Defense Ecosystem), we are also proud to partner with local third-party cyber event organizers such as RS CyberCon, CriticalMatrix | MatrixVentures and CxO Open Mic to extend the reach and increase value to the cyber community. Moving forward you can expect that we will be expanding with more third-party organizations.

How can you get involved? Join the CDE free for first year at https://cybersecuritydefenseecosystem.com. Meet and network the community at the next CDE Summit.

So much is currently being planned for 2026…